Re: [PHP] Studying mcrypt

2011-08-04 Thread Donovan Brooke
Alex Nikitin wrote: [snip] It's never a good idea to store all your keys in code, True, but in the system I was referring to, only the closed source app knows how to "see" the key in the encrypted templates and there is no way for another to know how to decrypt the encrypted templates to se

Re: [PHP] Studying mcrypt

2011-08-04 Thread Alex Nikitin
On Thu, Aug 4, 2011 at 12:23 PM, Donovan Brooke wrote: > Alex Nikitin wrote: > [snip] > > There is code obfuscation with PHP, and you can compile it into C++ with >> HipHop for php for example... >> > [snip] > > > Of course, obfuscation is never a great security solution. Compiling it > into C++

Re: [PHP] Studying mcrypt

2011-08-04 Thread Donovan Brooke
Alex Nikitin wrote: [snip] There is code obfuscation with PHP, and you can compile it into C++ with HipHop for php for example... [snip] Of course, obfuscation is never a great security solution. Compiling it into C++ is interesting... the question would be if the code could be de-compiled..

Re: [PHP] Studying mcrypt

2011-08-04 Thread Donovan Brooke
Alex Nikitin wrote: [snip] What makes your local system any less vulnerable of a point than your server, of anything, its more vulnerable and failure-prone, so unless i'm not getting something, that seems like a poor design decision (i'm sorry) [snip] In the model I profiled, it is a system de

Re: [PHP] Studying mcrypt

2011-08-04 Thread Alex Nikitin
On Thu, Aug 4, 2011 at 10:31 AM, Donovan Brooke wrote: > Alex Nikitin wrote: > [snip] > > Also you shouldn't actually encrypt passwords, the proper way to store >> them >> is hashed, so that if someone grabs your database, they dont have your >> passwords, even if they have the "key". >> > > > H

Re: [PHP] Studying mcrypt

2011-08-04 Thread Donovan Brooke
Alex Nikitin wrote: [snip] Also you shouldn't actually encrypt passwords, the proper way to store them is hashed, so that if someone grabs your database, they dont have your passwords, even if they have the "key". Hello, since this thread is about "studying mcrypt"... In another language, for

Re: [PHP] Studying mcrypt

2011-08-03 Thread Alex Nikitin
> > With best regards from Ukraine, > > Andre > > Skype: Francophile > > My blog: http://oire.org/menelion (mostly in Russian) > > Twitter: http://twitter.com/m_elensule > > Facebook: http://facebook.com/menelion > > > > Original message -

Re: [PHP] Studying mcrypt

2011-08-03 Thread Ashley Sheridan
cophile > > My blog: http://oire.org/menelion (mostly in Russian) > > Twitter: http://twitter.com/m_elensule > > Facebook: http://facebook.com/menelion > > > > Original message > > From: Alex Nikitin > > To: Andre Polykanine >

Re: [PHP] Studying mcrypt

2011-08-03 Thread Alex Nikitin
acebook.com/menelion > > Original message -------- > From: Alex Nikitin > To: Andre Polykanine > Date created: , 9:27:42 PM > Subject: [PHP] Studying mcrypt > > > Yes, since it's trying to represent in characters some purely binary > data, &

Re: [PHP] Studying mcrypt

2011-08-03 Thread Andre Polykanine
Hello Alex, > I have a neat class you can play with... Could you give me the link, please?) -- With best regards from Ukraine, Andre Skype: Francophile My blog: http://oire.org/menelion (mostly in Russian) Twitter: http://twitter.com/m_elensule Facebook: http://facebook.com/menelion

Re: [PHP] Studying mcrypt

2011-08-03 Thread Andre Polykanine
Hi Ash, > Please don't top-post :) *Huge sigh* OK, OK! But still it's too uncomfortable to read bottom-posting! :P > You can use base64_encode() on it to convert it into something that's > printable and storable in the DB without having to resort to a binary > blob Thanks, will try!) -- Wi

Re: [PHP] Studying mcrypt

2011-08-03 Thread Alex Nikitin
I have a neat class you can play with... -- The trouble with programmers is that you can never tell what a programmer is doing until it’s too late. ~Seymour Cray On Wed, Aug 3, 2011 at 2:27 PM, Alex Nikitin wrote: > Yes, since it's trying to represent in characters some purely binary data, >

Re: [PHP] Studying mcrypt

2011-08-03 Thread Ashley Sheridan
- > From: Alex Nikitin > To: Andre Polykanine > Date created: , 9:27:42 PM > Subject: [PHP] Studying mcrypt > > > Yes, since it's trying to represent in characters some purely binary > data, > it is not unlikely that you will get VERY weird characters (

Re: [PHP] Studying mcrypt

2011-08-03 Thread Andre Polykanine
log: http://oire.org/menelion (mostly in Russian) Twitter: http://twitter.com/m_elensule Facebook: http://facebook.com/menelion Original message From: Alex Nikitin To: Andre Polykanine Date created: , 9:27:42 PM Subject: [PHP] Studying mcrypt Yes, since it's

Re: [PHP] Studying mcrypt

2011-08-03 Thread Alex Nikitin
Yes, since it's trying to represent in characters some purely binary data, it is not unlikely that you will get VERY weird characters (and you do). Also you shouldn't actually encrypt passwords, the proper way to store them is hashed, so that if someone grabs your database, they dont have your pas

[PHP] Studying mcrypt

2011-08-03 Thread Andre Polykanine
Hello Php, It's my first time I use mcrypt. I've done everything like it's written in the php manuals, here is the code: And here's what I get: Original password: asdfasdfasdf Encrypted password: Q�j�* Question: Is it normal to have such strange characters in the encrypted string? I'm